Support adding custom resource tags to Secrets created by VPN Connection for Preshared Keys when using SecretsManager

[mkielar]

What new functionality are you requesting?

• Resource:
  • Either: Enhancement to aws_vpn_connection to allow custom tags / propagate default tags from the provider.
  • Or: New resource: aws_secretsmanger_tag to allow adding custom tags to existing resources.

Description

I'm deploying VPC Connections with aws_vpc_connection resource, and preshared_key_storage set to secretsmanager. This implicitly creates secrets in SecretsManager. Since these connections are parts of different use-cases, I'd like to track them in Cost Explorer together with other resources for given use case. Adding custom tags would also simplify identification, since the names of these implicitly-provisioned secrets are rather cryptic (they only contain the id of the vpn resource).

Potential Terraform Configuration

I believe a separate resource would be the most generic option:

resource "aws_secretsmanger_tag" "vpn_preshared_key_tag" {
  resource_arn = aws_vpn_connection.my_amazing_app_on_prem_vpn.preshared_key_arn
  key          = "x-app-name"
  value        = "my-amazing-app"
}

Otherwise:

resource "aws_vpn_connection" "my_amazing_app_on_prem_vpn" {
  # ...

  preshared_key_storage = "SecretsManager"

  # Only when using SecretsManager:
  preshared_key_storage_tags = {            
    "x-app-name" = "my-amazing-app"
  }

  # Default tags defined on the provider should be applied implicitly by the resource.
}

References

#42797

Would you like to implement the enhancement?

No

[github-actions]

Community Guidelines

This comment is added to every new Issue to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

• Please vote on this Issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
• Please see our prioritization guide for additional information on how the maintainers handle prioritization.
• Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Issue and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.
• For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.